Merge "Add --no-gpg-verify flag to all ostree repos"

kickstart/files/kickstart.cfg

@@ -877,6 +877,18 @@ SUBFUNCTION__STORAGE="\${TRAIT__STORAGE}"
 SUBFUNCTION__WORKER="\${TRAIT__WORKER}"
 SUBFUNCTION__AIO="\${TRAIT__CONTROLLER},\${TRAIT__WORKER}"
 VOLUME_GROUPS="cgts-vg"
+
+# Unverified GPG with kernel parameter instgpg!=1
+#   Verified GPG with kernel parameter instgpg=1
+if grep -q 'instgpg=1' /proc/cmdline 2>/dev/null; then
+    gpg_option=""
+    ilog "Ostree GPG verification enabled"
+else
+    # Tell LAT to enable --no-gpg-verify
+    export INSTGPG=0
+    gpg_option="--no-gpg-verify"
+    ilog "Enable LAT ${gpg_option} option to configure ostree for unverified GPG (gpg-verify=false)"
+fi
 EOF
 ###############################
 # END of Common Functions Block
@@ -2001,17 +2013,6 @@ udevadm settle --timeout=300 || report_failure_with_msg "udevadm settle failed"
 # Rescan LVM cache to avoid warnings for VGs that were recreated.
 pvscan --cache 2>/dev/null
 
-# Unverified GPG with kernel parameter instgpg!=1
-#   Verified GPG with kernel parameter instgpg=1
-if grep -q 'instgpg=1' /proc/cmdline 2>/dev/null; then
-    gpg_option=""
-else
-    # Tell LAT to enable --no-gpg-verify
-    export INSTGPG=0
-    gpg_option="--no-gpg-verify"
-    ilog "Enable LAT ${gpg_option} option to configure ostree for unverified GPG (gpg-verify=false)"
-fi
-
 #
 # Disable IPV6 Route Advertisement during install if enabled
 #
@@ -2106,26 +2107,29 @@ else
         ostree --repo=${repo} init --mode=archive
         echo "min-free-space-percent=0" >> "${config_file}"
         if [ "${insturl}" = "file://NOT_SET" ] ; then
-            ilog "ostree_repo archive pull from file:///instboot/ostree_repo ${gpg_option}"
+            ilog "Adding ostree remote with cmd: ostree --repo=${repo} remote add ${gpg_option} ${instbr} file:///instboot/ostree_repo"
             ostree --repo=${repo} remote add ${gpg_option} ${instbr} file:///instboot/ostree_repo
         else
-            ilog "ostree_repo archive pull from ${insturl} ${gpg_option}"
+            ilog "Adding ostree remote with cmd: ostree --repo=${repo} remote add ${gpg_option} ${instbr} ${insturl}"
             ostree --repo=${repo} remote add ${gpg_option} ${instbr} ${insturl}
         fi
 
         ilog "Executing: ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr} ${gpg_option}"
         MAX_TRIES=3
         RETRY_WAIT=10
+        error_log="/tmp/ostree_pull_error.log"
         for try in 1 2 3
         do
-            ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr}
+            ostree --repo=${repo} pull --depth=-1 --mirror ${instbr}:${instbr} 2> ${error_log}
             rc=$?
             if [ ${rc} -ne 0 ]; then
+                error_msg=$(cat ${error_log})
+
                 if [ ${try} -lt ${MAX_TRIES} ] ; then
-                    wlog "ostree pull failed on try ${try} of ${MAX_TRIES}, rc=${rc} ; retry in ${RETRY_WAIT} seconds ..."
+                    wlog "ostree pull failed on try ${try} of ${MAX_TRIES}, rc=${rc}, message: ${error_msg} ; retry in ${RETRY_WAIT} seconds ..."
                     sleep ${RETRY_WAIT}
-               else
-                    report_failure_with_msg "ostree pull failed, rc=${rc} ; max tries ${try} of ${MAX_TRIES}"
+                else
+                    report_failure_with_msg "ostree pull failed, rc=${rc}, message: ${error_msg} ; max tries ${try} of ${MAX_TRIES}"
                 fi
             else
                 break
@@ -3032,6 +3036,7 @@ if [ "${controller}" = true ] ; then
     feed="${IMAGE_ROOTFS}/var/www/pages/feed/rel-${sw_release}"
     repo="${feed}/ostree_repo"
     config_file="${repo}/config"
+    error_log="/tmp/ostree_pull_error.log"
     mkdir -p "${repo}"
     mkdir -p "${feed}"
 
@@ -3041,8 +3046,16 @@ if [ "${controller}" = true ] ; then
             ilog "Stage ostree_repo from USB device to ${repo}"
             ostree --repo=${repo} init --mode=archive
             echo "min-free-space-percent=0" >> "${config_file}"
-            ostree --repo=${repo} remote add ${instbr} file:///instboot/ostree_repo
-            ostree --repo=${repo} pull ${pull_options} ${instbr}:${instbr}
+            ilog "Adding ostree remote with cmd: ostree --repo=${repo} remote add ${gpg_option} ${instbr} file:///instboot/ostree_repo"
+            ostree --repo=${repo} remote add ${gpg_option} ${instbr} file:///instboot/ostree_repo
+            ostree --repo=${repo} pull ${pull_options} ${instbr}:${instbr} 2> ${error_log}
+            rc=$?
+            if [ $rc -ne 0 ]; then
+                error_msg=$(cat ${error_log})
+                report_failure_with_msg "ostree pull to feed failed [rc=${rc}]: ${error_msg}"
+            else
+                ilog "ostree pull to feed succeed"
+            fi
 
             # Check if this is a prestage iso.If yes, then
             # copy the ostree_repo to the backup directory.
@@ -3103,13 +3116,15 @@ if [ "${controller}" = true ] ; then
         feed_branch="starlingx"
         ilog "Replacing ostree sysroot remote with: ${file_feed} ${feed_branch}"
         ostree --repo=/sysroot/ostree/repo remote delete ${instname}
-        ostree --repo=/sysroot/ostree/repo remote add ${instname} ${file_feed} ${feed_branch}
+        ilog "Adding ostree remote with cmd: ostree --repo=/sysroot/ostree/repo remote add ${gpg_option} ${instname} ${file_feed} ${feed_branch}"
+        ostree --repo=/sysroot/ostree/repo remote add ${gpg_option} ${instname} ${file_feed} ${feed_branch}
         # Set feed ostree remote "starlingx" to point to active controller's feed ostree repo
         feed_remote_name="starlingx"
         feed_remote_url="http://controller:8080/feed/rel-${sw_release}/ostree_repo/"
         ilog "Replacing ostree feed remote with: ${feed_remote_url} ${feed_remote_name}"
         ostree --repo=${repo} remote delete ${feed_remote_name}
-        ostree --repo=${repo} remote add ${feed_remote_name} ${feed_remote_url} ${feed_branch}
+        ilog "Adding ostree remote with cmd: ostree --repo=${repo} remote add ${gpg_option} ${feed_remote_name} ${feed_remote_url} ${feed_branch}"
+        ostree --repo=${repo} remote add ${gpg_option} ${feed_remote_name} ${feed_remote_url} ${feed_branch}
 
         # This fetch is only needed once because the repo is stored in /var
         set_variable "ostree_repo_fetched"
@@ -3180,7 +3195,8 @@ else
     feed_remote_url="http://controller:8080/feed/rel-${sw_release}/ostree_repo/"
     ilog "Replacing ostree sysroot remote with: ${feed_branch}"
     ostree --repo=/sysroot/ostree/repo remote delete ${instname}
-    ostree --repo=/sysroot/ostree/repo remote add ${instname} ${feed_remote_url} ${feed_branch}
+    ilog "Adding ostree remote with cmd: ostree --repo=/sysroot/ostree/repo remote add ${gpg_option} ${instname} ${feed_remote_url} ${feed_branch}"
+    ostree --repo=/sysroot/ostree/repo remote add ${gpg_option} ${instname} ${feed_remote_url} ${feed_branch}
 fi
 
 # Verify Patched iso